I am learning to use Metasploit as part of one of my college lessons. As you may know there are software builds like NOWASP (Mutillidae) or Damn Vulnerable Linux that allow you to exercise on pentest or similar things. I have heard that in order the payloads to work the target-victim should run its PC as server. I have tried to set up a server in to the same machine (through Virtualbox) and make it as target but it failed. So, do you know if there is a server or something similar to allow me practice (legally, against test systems)?

I think you're asking for a real live server out there run by someone else that invites you to legally hack on it. But most answers are about hackable server distributions that you could install locally and hack on yourself, which is what you said you failed with. Can you edit your question to clarify whether you want this question to address one or the other? Each is of potential interest.
– nealmcbJan 20 '11 at 15:54

Hi guys, sorry for not responding yesterday but there were some emergent tasks to do.@Justice, I am not sure but if it helps the virtual os can connect to the internet.@Tane Hansen, thank you I will check out.@nealmcb.Both of them...if you ask me for one I prefer to test my skills on a real server.
– py_scriptJan 21 '11 at 17:09

The Smash the Stack Wargaming Network hosts several Wargames. A Wargame in our context can be described as an ethical hacking environment that supports the simulation of real world software vulnerability theories or concepts and allows for the legal execution of exploitation techniques. Software can be an Operating System, network protocol, or any userland application.

Holynix
Similar to the de-ice Cd’s and pWnOS, holynix is an ubuntu server vmware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real world example.
http://pynstrom.net/index.php?page=holynix.php

De-ICE PenTest LiveCDs
The PenTest LiveCDs are the creation of Thomas Wilhelm, who was transferred to a penetration test team at the company he worked for. Needing to learn as much about penetration testing as quickly as possible, Thomas began looking for both tools and targets. He found a number of tools, but no usable targets to practice against. Eventually, in an attempt to narrow the learning gap, Thomas created PenTest scenarios using LiveCDs.
http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks

Damn Vulnerable Web App (DVWA)
Damn Vulnerable Web App is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
www.dvwa.co.uk

Hacking-Lab
This is the Hacking-Lab LiveCD project. It is currently in beta stadium. The live-cd is a standardized client environment for solving our Hacking-Lab wargame challenges from remote.
http://www.hacking-lab.com/hl_livecd/

Damn Vulnerable Linux (DVL)
Damn Vulnerable Linux is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.
http://www.damnvulnerablelinux.org

Virtual Hacking Lab
A mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats.
http://sourceforge.net/projects/virtualhacking/files/

Badstore
Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure.
http://www.badstore.net/

Katana
Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal. Katana also comes with over 100 portable Windows applications; such as Wireshark, Metasploit, NMAP, Cain & Able, and many more.
www.hackfromacave.com/katana.html

of course. WebGoat is just a vulnerable server. All other links have info (ip, user/password etc) about real (physical or virtual) servers. And most of them are up-to-date. With all hotfixes and patches installed. Its like the real thing. The owner gets to know the 0day method you used to 0wn it. There is no description about all these servers. You should visit each link and read the FAQ or terms/EULA etc. :-(
– labmiceJan 19 '11 at 16:26

There's a couple of options for setting up a test network to work on. There's a good list of known vulnerable operating systems in this question, which includes DVL and Metasploitable.

In terms of getting them set-up as servers on your network you primarily need some working virtualization software.

Not sure what the problems you're having with Virtualbox are, you could try VMWare Player. It's a free, and relatively straightforward virtualization system, which should allow you to install the vulnerable operating systems mentioned above. Once you've got it working, you should be able to install the software into virtual machines which will be accessible from your host machine over a virtual network, and you should be able to test on those.

additional info always welcome to help the poster (eg links, implementation gotchas, or in this case any guidance on setting one up) - although in saying that, VMWare with Metasploitable is just a case of follow the readme :-)
– Rory Alsop♦Jan 19 '11 at 19:37

I have tried to set up a server in to the same machine (through virtualbox) and make it as target but it failed

Using virtual machines is probably the right way to solve the problem - if you'd said why you'd failed to get these up and running, then maybe you could get some help solving these problems (serverfault might be a more appropriate place to discuss building vms).

Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).